How not to reject return receipts

Vernon Schryver vjs@calcite.rhyolite.com
Mon Apr 17 03:42:27 UTC 2006


> From: Andy Rudoff 

> I've got a customer who sends out everything with a Return-Receipt-To:
> header in it.  In five cases in my logfiles, the resulting return receipt
> gets rejected by DCC because the Fuz2 checksum count is over my threshold.
> The actual Fuz2 checksum is different in each case, but obviously the
> fuzzy checksumming in the Fuz2 algorithm is coming up with something
> that is relatively common.
>
> I've looked through the log entries looking for something in the
> headers I can whitelist but of course the return receipts come from
> all over the place and all different MUAs.  Another option is to
> whitelist the env_To: but I'd really rather not do that as this customer's
> incoming spam was among the worst on my machine until I installed DCC.
>
> Any advice?

I would teach the customer the basic facts of Return-Receipt-To.  The
first is that many MTAs do not answer either the old, non-standard
sendmail Return-Receipt-To or newfangled RFC 3464 DSNs.  There are
many old MTAs installed out there.  Many people with modern MTAs,
including me, object to them on privacy grounds.  This fact implies
that you can't infer anything from not receiving a DSN.

The second fact is that even if you do receive a DSN, you know only
that the message was deposted in a mailbox.  You do not know whether
anyone has read it or, for example, a spam filter has destroyed the it
before anyone saw it.  This fact implies that unless you are concerned
with debugging MTAs instead of whether your mail is read by the people
to whom you send it, you can't infer anything useful from having received
a DSN.

Of course, your customer is unlikely to accept these facts.  You could
not worry and be happy.  Because of the first fact, the DCC rejections
of the customers DSNs may not significantly change the number of DSNs
that reach the custoemr's mailbox.

If that isn't acceptable, you might give the customer a per-user
whiteclnt file, configure the cgi scripts, and teach the customer to
whitelist the FUZ2 checksums of DSNs by looking at the per-user log
files.  I doubt there are more than several hundred distinct flavors
of DSN as far as the FUZ2 checksum is concerned.


Vernon Schryver    vjs@rhyolite.com



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.